From: Eric Hartmann Date: Thu, 12 Apr 2018 15:05:10 +0000 (+0200) Subject: SONAR-6949 Increase crypted password size X-Git-Tag: 7.5~1349 X-Git-Url: https://source.dussan.org/?a=commitdiff_plain;h=9b7da25a62ea40ccd8fad2753c7835d5c46abd4d;p=sonarqube.git SONAR-6949 Increase crypted password size --- diff --git a/build.gradle b/build.gradle index 15751f75c65..600c7e8ca26 100644 --- a/build.gradle +++ b/build.gradle @@ -186,6 +186,7 @@ subprojects { } dependency 'org.freemarker:freemarker:2.3.20' dependency 'org.hamcrest:hamcrest-all:1.3' + dependency 'org.mindrot:jbcrypt:0.4' dependency('org.mockito:mockito-core:2.15.0') { exclude 'org.hamcrest:hamcrest-core' } diff --git a/server/sonar-ce/src/test/java/org/sonar/ce/container/ComputeEngineContainerImplTest.java b/server/sonar-ce/src/test/java/org/sonar/ce/container/ComputeEngineContainerImplTest.java index 9c883ed7ae8..158f9ebe545 100644 --- a/server/sonar-ce/src/test/java/org/sonar/ce/container/ComputeEngineContainerImplTest.java +++ b/server/sonar-ce/src/test/java/org/sonar/ce/container/ComputeEngineContainerImplTest.java @@ -112,7 +112,7 @@ public class ComputeEngineContainerImplTest { ); assertThat(picoContainer.getParent().getParent().getComponentAdapters()).hasSize( CONTAINER_ITSELF - + 15 // MigrationConfigurationModule + + 16 // MigrationConfigurationModule + 17 // level 2 ); assertThat(picoContainer.getParent().getParent().getParent().getComponentAdapters()).hasSize( diff --git a/server/sonar-db-core/src/main/resources/org/sonar/db/version/schema-h2.ddl b/server/sonar-db-core/src/main/resources/org/sonar/db/version/schema-h2.ddl index 961ca45a144..52eb5bea34e 100644 --- a/server/sonar-db-core/src/main/resources/org/sonar/db/version/schema-h2.ddl +++ b/server/sonar-db-core/src/main/resources/org/sonar/db/version/schema-h2.ddl @@ -461,7 +461,7 @@ CREATE TABLE "USERS" ( "LOGIN" VARCHAR(255), "NAME" VARCHAR(200), "EMAIL" VARCHAR(100), - "CRYPTED_PASSWORD" VARCHAR(40), + "CRYPTED_PASSWORD" VARCHAR(100), "SALT" VARCHAR(40), "ACTIVE" BOOLEAN DEFAULT TRUE, "SCM_ACCOUNTS" VARCHAR(4000), diff --git a/server/sonar-db-migration/src/main/java/org/sonar/server/platform/db/migration/MigrationConfigurationModule.java b/server/sonar-db-migration/src/main/java/org/sonar/server/platform/db/migration/MigrationConfigurationModule.java index cf0d2d94bec..7cba424fbe4 100644 --- a/server/sonar-db-migration/src/main/java/org/sonar/server/platform/db/migration/MigrationConfigurationModule.java +++ b/server/sonar-db-migration/src/main/java/org/sonar/server/platform/db/migration/MigrationConfigurationModule.java @@ -35,6 +35,7 @@ import org.sonar.server.platform.db.migration.version.v66.DbVersion66; import org.sonar.server.platform.db.migration.version.v67.DbVersion67; import org.sonar.server.platform.db.migration.version.v70.DbVersion70; import org.sonar.server.platform.db.migration.version.v71.DbVersion71; +import org.sonar.server.platform.db.migration.version.v72.DbVersion72; public class MigrationConfigurationModule extends Module { @Override @@ -53,6 +54,7 @@ public class MigrationConfigurationModule extends Module { DbVersion67.class, DbVersion70.class, DbVersion71.class, + DbVersion72.class, // migration steps MigrationStepRegistryImpl.class, diff --git a/server/sonar-db-migration/src/main/java/org/sonar/server/platform/db/migration/version/v72/DbVersion72.java b/server/sonar-db-migration/src/main/java/org/sonar/server/platform/db/migration/version/v72/DbVersion72.java new file mode 100644 index 00000000000..6d42c8fb30d --- /dev/null +++ b/server/sonar-db-migration/src/main/java/org/sonar/server/platform/db/migration/version/v72/DbVersion72.java @@ -0,0 +1,33 @@ +/* + * SonarQube + * Copyright (C) 2009-2018 SonarSource SA + * mailto:info AT sonarsource DOT com + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 3 of the License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this program; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + */ +package org.sonar.server.platform.db.migration.version.v72; + +import org.sonar.server.platform.db.migration.step.MigrationStepRegistry; +import org.sonar.server.platform.db.migration.version.DbVersion; + +public class DbVersion72 implements DbVersion { + + @Override + public void addSteps(MigrationStepRegistry registry) { + registry + .add(2100, "Increase size of CRYPTED_PASSWORD", IncreaseCryptedPasswordSize.class) + ; + } +} diff --git a/server/sonar-db-migration/src/main/java/org/sonar/server/platform/db/migration/version/v72/IncreaseCryptedPasswordSize.java b/server/sonar-db-migration/src/main/java/org/sonar/server/platform/db/migration/version/v72/IncreaseCryptedPasswordSize.java new file mode 100644 index 00000000000..4e09ef81c14 --- /dev/null +++ b/server/sonar-db-migration/src/main/java/org/sonar/server/platform/db/migration/version/v72/IncreaseCryptedPasswordSize.java @@ -0,0 +1,45 @@ +/* + * SonarQube + * Copyright (C) 2009-2018 SonarSource SA + * mailto:info AT sonarsource DOT com + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 3 of the License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this program; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + */ +package org.sonar.server.platform.db.migration.version.v72; + +import java.sql.SQLException; +import org.sonar.db.Database; +import org.sonar.server.platform.db.migration.sql.AlterColumnsBuilder; +import org.sonar.server.platform.db.migration.step.DdlChange; + +import static org.sonar.server.platform.db.migration.def.VarcharColumnDef.newVarcharColumnDefBuilder; + +public class IncreaseCryptedPasswordSize extends DdlChange { + private static final String TABLE_NAME = "users"; + + public IncreaseCryptedPasswordSize(Database db) { + super(db); + } + + @Override + public void execute(Context context) throws SQLException { + context.execute(new AlterColumnsBuilder(getDialect(), TABLE_NAME) + .updateColumn(newVarcharColumnDefBuilder() + .setColumnName("crypted_password") + .setLimit(100) + .build()) + .build()); + } +} diff --git a/server/sonar-db-migration/src/main/java/org/sonar/server/platform/db/migration/version/v72/package-info.java b/server/sonar-db-migration/src/main/java/org/sonar/server/platform/db/migration/version/v72/package-info.java new file mode 100644 index 00000000000..c29969daa67 --- /dev/null +++ b/server/sonar-db-migration/src/main/java/org/sonar/server/platform/db/migration/version/v72/package-info.java @@ -0,0 +1,24 @@ +/* + * SonarQube + * Copyright (C) 2009-2018 SonarSource SA + * mailto:info AT sonarsource DOT com + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 3 of the License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this program; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + */ +@ParametersAreNonnullByDefault +package org.sonar.server.platform.db.migration.version.v72; + +import javax.annotation.ParametersAreNonnullByDefault; + diff --git a/server/sonar-db-migration/src/test/java/org/sonar/server/platform/db/migration/MigrationConfigurationModuleTest.java b/server/sonar-db-migration/src/test/java/org/sonar/server/platform/db/migration/MigrationConfigurationModuleTest.java index 29059e5f75e..03db8bf6e46 100644 --- a/server/sonar-db-migration/src/test/java/org/sonar/server/platform/db/migration/MigrationConfigurationModuleTest.java +++ b/server/sonar-db-migration/src/test/java/org/sonar/server/platform/db/migration/MigrationConfigurationModuleTest.java @@ -37,7 +37,7 @@ public class MigrationConfigurationModuleTest { assertThat(container.getPicoContainer().getComponentAdapters()) .hasSize(COMPONENTS_IN_EMPTY_COMPONENT_CONTAINER // DbVersion classes - + 12 + + 13 // Others + 3); } diff --git a/server/sonar-db-migration/src/test/java/org/sonar/server/platform/db/migration/version/v72/DbVersion72Test.java b/server/sonar-db-migration/src/test/java/org/sonar/server/platform/db/migration/version/v72/DbVersion72Test.java new file mode 100644 index 00000000000..9b870fe4912 --- /dev/null +++ b/server/sonar-db-migration/src/test/java/org/sonar/server/platform/db/migration/version/v72/DbVersion72Test.java @@ -0,0 +1,40 @@ +/* + * SonarQube + * Copyright (C) 2009-2018 SonarSource SA + * mailto:info AT sonarsource DOT com + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 3 of the License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this program; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + */ +package org.sonar.server.platform.db.migration.version.v72; + +import org.junit.Test; + +import static org.sonar.server.platform.db.migration.version.DbVersionTestUtils.verifyMigrationCount; +import static org.sonar.server.platform.db.migration.version.DbVersionTestUtils.verifyMinimumMigrationNumber; + +public class DbVersion72Test { + private DbVersion72 underTest = new DbVersion72(); + + @Test + public void migrationNumber_starts_at_2100() { + verifyMinimumMigrationNumber(underTest, 2100); + } + + @Test + public void verify_migration_count() { + verifyMigrationCount(underTest, 1); + } + +} diff --git a/server/sonar-db-migration/src/test/java/org/sonar/server/platform/db/migration/version/v72/IncreaseCryptedPasswordSizeTest.java b/server/sonar-db-migration/src/test/java/org/sonar/server/platform/db/migration/version/v72/IncreaseCryptedPasswordSizeTest.java new file mode 100644 index 00000000000..455c0a25835 --- /dev/null +++ b/server/sonar-db-migration/src/test/java/org/sonar/server/platform/db/migration/version/v72/IncreaseCryptedPasswordSizeTest.java @@ -0,0 +1,63 @@ +package org.sonar.server.platform.db.migration.version.v72;/* + * SonarQube + * Copyright (C) 2009-2018 SonarSource SA + * mailto:info AT sonarsource DOT com + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 3 of the License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this program; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + */ + +import java.sql.SQLException; +import org.junit.Rule; +import org.junit.Test; +import org.junit.rules.ExpectedException; +import org.mindrot.jbcrypt.BCrypt; +import org.sonar.db.CoreDbTester; + +import static org.assertj.core.api.Assertions.assertThat; + +public class IncreaseCryptedPasswordSizeTest { + private static final String TABLE_NAME = "users"; + + @Rule + public CoreDbTester db = CoreDbTester.createForSchema(IncreaseCryptedPasswordSizeTest.class, "users.sql"); + @Rule + public ExpectedException expectedException = ExpectedException.none(); + + private IncreaseCryptedPasswordSize underTest = new IncreaseCryptedPasswordSize(db.database()); + + @Test + public void cannot_insert_crypted_password() { + expectedException.expect(IllegalStateException.class); + + insertRow(); + } + + @Test + public void can_insert_crypted_password_after_execute() throws SQLException { + underTest.execute(); + assertThat(db.countRowsOfTable(TABLE_NAME)).isEqualTo(0); + insertRow(); + assertThat(db.countRowsOfTable(TABLE_NAME)).isEqualTo(1); + } + + private void insertRow() { + db.executeInsert( + "USERS", + "CRYPTED_PASSWORD", BCrypt.hashpw("a", BCrypt.gensalt()), + "IS_ROOT", false, + "ONBOARDED", false); + } + +} diff --git a/server/sonar-db-migration/src/test/resources/org/sonar/server/platform/db/migration/version/v72/IncreaseCryptedPasswordSizeTest/users.sql b/server/sonar-db-migration/src/test/resources/org/sonar/server/platform/db/migration/version/v72/IncreaseCryptedPasswordSizeTest/users.sql new file mode 100644 index 00000000000..3cf041df7dc --- /dev/null +++ b/server/sonar-db-migration/src/test/resources/org/sonar/server/platform/db/migration/version/v72/IncreaseCryptedPasswordSizeTest/users.sql @@ -0,0 +1,21 @@ +CREATE TABLE "USERS" ( + "ID" INTEGER NOT NULL GENERATED BY DEFAULT AS IDENTITY (START WITH 1, INCREMENT BY 1), + "LOGIN" VARCHAR(255), + "NAME" VARCHAR(200), + "EMAIL" VARCHAR(100), + "CRYPTED_PASSWORD" VARCHAR(40), + "SALT" VARCHAR(40), + "ACTIVE" BOOLEAN DEFAULT TRUE, + "SCM_ACCOUNTS" VARCHAR(4000), + "EXTERNAL_IDENTITY" VARCHAR(255), + "EXTERNAL_IDENTITY_PROVIDER" VARCHAR(100), + "IS_ROOT" BOOLEAN NOT NULL, + "USER_LOCAL" BOOLEAN, + "ONBOARDED" BOOLEAN NOT NULL, + "CREATED_AT" BIGINT, + "UPDATED_AT" BIGINT, + "HOMEPAGE_TYPE" VARCHAR(40), + "HOMEPAGE_PARAMETER" VARCHAR(40) +); +CREATE UNIQUE INDEX "USERS_LOGIN" ON "USERS" ("LOGIN"); +CREATE INDEX "USERS_UPDATED_AT" ON "USERS" ("UPDATED_AT"); diff --git a/sonar-core/build.gradle b/sonar-core/build.gradle index a2d0f1bb189..cecce8b43fd 100644 --- a/sonar-core/build.gradle +++ b/sonar-core/build.gradle @@ -20,6 +20,7 @@ dependencies { compile 'org.picocontainer:picocontainer' compile 'org.slf4j:slf4j-api' compile 'org.sonarsource.update-center:sonar-update-center-common' + compile 'org.mindrot:jbcrypt' compile project(path: ':sonar-plugin-api', configuration: 'shadow') compileOnly 'com.google.code.findbugs:jsr305'